>> About hybridation, the French national cybersecurity agency published >> (https://messervices.cyber.gouv.fr/documents-guides/transition_post_quantique_ipsec.pdf >> in French only, sorry) a support document. It seems to indicate strongSwan >> - - already supports draft RFC 9370 for hybrid key-exchange but I'm not sure >> if >> I need to enable something in the package >> - - doesn't have support for hybrid signature authentication because there's >> simply no standard on it. > > Yeah. It's been pretty tough RFC-wise for IPSec + PQC for a while. I > think OpenBSD iked landed sntrup761x25519 recently (mostly pulled from > OpenSSH's implementation, I was told), which is also not formalized > in an RFC AFAIK[citation needed].
No, it's not. There is an expired independent draft that defines this combination for SSH [1]. But not only are such hybrids that don't rely on RFC 9370 not specified for IKEv2 (as they could be impossible to use because of IP fragmentation). Since NTRU Prime "lost" against Kyber in the NIST ML-KEM competition, it probably got pretty difficult to define that combination even for TLS (which otherwise will soon get similar hybrid key exchanges [2]). For IKEv2, NTRU Prime would have to be added as separate KE method. In that regard it's similar to FrodoKEM, but for that there actually is an active draft [3] due to the standardization process via ISO. By the way, it looks like they added that in May 2021 already [4], so that was two years before RFC 9370 was published and nearly three and a half years before identifiers for ML-KEM were pre-allocated (the ML-KEM draft should finally be released as RFC soon [5]). Regards, Tobias [1] https://datatracker.ietf.org/doc/html/draft-josefsson-ntruprime-ssh [2] https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/ [3] https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-hybrid-kem-ikev2-frodo [4] https://github.com/openiked/openiked-portable/commit/3a60108db9ebfcdadc75537cab3d94e93fb627db [5] https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-mlkem/
